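Copying Files Between S3 and EC2 Instances with the AWS CLI
Prerequisites
- An AWS account
- An EC2 instance with the AWS CLI installed
Step 1: Configure an IAM user
- Create an IAM user
- Attach the following policies:
AmazonS3FullAccess policy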
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:*",
        "s3-object-lambda:*"
      ],
      "Resource": "*"
    }
  ]
}
AmazonEC2FullAccess policy
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "ec2:*",
      "Effect": "Allow",
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": "elasticloadbalancing:*",
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": "cloudwatch:*",
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": "autoscaling:*",
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": "iam:CreateServiceLinkedRole",
      "Resource": "*",
      "Condition": {
        "StringEquals": {
          "iam:AWSServiceName": [
            "autoscaling.amazonaws.com",
            "ec2scheduled.amazonaws.com",
            "elasticloadbalancing.amazonaws.com",
            "spot.amazonaws.com",
            "spotfleet.amazonaws.com",
            "transitgateway.amazonaws.com"
          ]
        }
      }
    }
  ]
}
Step 2: Configure the AWS CLI on the EC2 instance
Run aws configure and enter the following information:
AWS Access Key ID [None]: ${IAM_USER_ACCESS_KEY_ID}
AWS Secret Access Key [None]: ${IAM_USER_SECRET_ACCESS_KEY}
Default region name [None]: us-west-2
Default output format [None]: json
Step 3: Copy files
Use the AWS CLI cp command, with the following syntax:
aws s3 cp <LocalPath> <S3Uri> # upload to S3
aws s3 cp <S3Uri> <LocalPath> # download from S3
aws s3 cp <S3Uri> <S3Uri> # copy between S3 buckets
Examples
# Upload a file to S3
aws s3 cp myfile.txt s3://my-bucket/
# Download a file from S3
aws s3 cp s3://my-bucket/myfile.txt ./
# Copy between S3 buckets
aws s3 cp s3://source-bucket/file.txt s3://dest-bucket/
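Security best practices
- Use least-privilege access: restrict S3 permissions to specific buckets
- Rotate IAM access keys regularly
- Never share or commit AWS credentials
- Consider using an IAM role for the EC2 instance instead of access keys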
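
The least-privilege item above, as an added example that is not part of the original page: a Python sketch that builds a policy limited to the actions `aws s3 cp` uses on named buckets, and flags statements that pair a wildcard action with `"Resource": "*"`, as the AmazonS3FullAccess policy from step 1 does. The function names are hypothetical, the bucket names are the ones from this page's examples, and it assumes plain or `--recursive` cp without ACL, tagging or KMS options.

```python
import json

# AmazonS3FullAccess exactly as listed in step 1 of this page.
S3_FULL_ACCESS = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow",
                   "Action": ["s3:*", "s3-object-lambda:*"],
                   "Resource": "*"}],
}

def _as_list(value):
    # IAM allows Action/Resource/Statement to be a single value or a list.
    return value if isinstance(value, list) else [value]

def broad_statements(policy):
    """Return Allow statements that pair a wildcard action with Resource "*"."""
    hits = []
    for stmt in _as_list(policy["Statement"]):
        actions = _as_list(stmt.get("Action", []))
        wildcard = any(a == "*" or a.endswith(":*") for a in actions)
        if (stmt.get("Effect") == "Allow" and wildcard
                and "*" in _as_list(stmt.get("Resource", []))):
            hits.append(stmt)
    return hits

def scoped_cp_policy(read_buckets=(), write_buckets=()):
    """Build a policy for `aws s3 cp` only: download from read_buckets, upload to write_buckets."""
    def arns(buckets, suffix=""):
        return [f"arn:aws:s3:::{b}{suffix}" for b in sorted(set(buckets))]
    statements = []
    if read_buckets:
        # ListBucket is bucket-level (no /*); cp --recursive uses it to enumerate keys.
        statements.append({"Sid": "ListSourceBuckets", "Effect": "Allow",
                           "Action": "s3:ListBucket", "Resource": arns(read_buckets)})
        statements.append({"Sid": "Download", "Effect": "Allow",
                           "Action": "s3:GetObject", "Resource": arns(read_buckets, "/*")})
    if write_buckets:
        statements.append({"Sid": "Upload", "Effect": "Allow",
                           "Action": "s3:PutObject", "Resource": arns(write_buckets, "/*")})
    return {"Version": "2012-10-17", "Statement": statements}

if __name__ == "__main__":
    # Bucket names taken from this page's cp examples.
    policy = scoped_cp_policy(read_buckets=["my-bucket", "source-bucket"],
                              write_buckets=["my-bucket", "dest-bucket"])
    print(json.dumps(policy, indent=2))
    print("broad statements, AmazonS3FullAccess:", len(broad_statements(S3_FULL_ACCESS)))
    print("broad statements, scoped policy:", len(broad_statements(policy)))
```

The printed JSON can be attached to the IAM user in place of AmazonS3FullAccess, or to an instance role if the last item above is followed.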